Execution Path

Submitted by Naser Ezzati on Wed, 12/21/2011 - 13:02

I started to work on including the execution path in the hierarchy viewer tools that I developed before. Taking the execution path into account is essential for most kernel-based fault and attack detection. For example, when detecting a "remote shell" from kernel traces, we need to know who the owner of this shell is in order to figure out whether it is allowed or not. For example, if the "Apache" process is the owner, something wrong is happening!
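The following is an added example, not code from the author's hierarchy viewer tools: it reconstructs the execution path (the fork/exec ancestry of each process) from a stream of kernel trace events and flags a shell whose ancestry contains a web-server process. The event names and fields are hypothetical, loosely modeled on the Linux `sched_process_fork` / `sched_process_exec` tracepoints, and the sample trace is constructed for the example.

```python
"""Detect a shell spawned under a web server by walking the execution path
(fork/exec ancestry) rebuilt from kernel trace events."""

from collections import namedtuple

# Hypothetical, simplified event layout (assumption for this example):
#   fork: pid = child pid, ppid = parent pid, comm = child's (inherited) image name
#   exec: pid = process that exec'd, ppid = its parent, comm = new image name
Event = namedtuple("Event", "ts name pid ppid comm")

SHELLS = {"sh", "bash", "dash", "zsh"}
WEB_SERVERS = {"apache2", "httpd", "nginx"}

# Constructed sample trace (not real data): an apache2 worker execs /bin/sh which
# then execs nc, while sshd spawns a legitimate bash login shell.
SAMPLE_TRACE = [
    Event(1.0, "sched_process_fork", 100, 1, "apache2"),
    Event(1.1, "sched_process_fork", 101, 100, "apache2"),
    Event(1.2, "sched_process_exec", 101, 100, "sh"),
    Event(1.3, "sched_process_fork", 102, 101, "sh"),
    Event(1.4, "sched_process_exec", 102, 101, "nc"),
    Event(2.0, "sched_process_fork", 200, 1, "sshd"),
    Event(2.1, "sched_process_fork", 201, 200, "sshd"),
    Event(2.2, "sched_process_exec", 201, 200, "bash"),
]


class Proc:
    """Current state of one traced process."""
    __slots__ = ("pid", "ppid", "comm")

    def __init__(self, pid, ppid, comm):
        self.pid, self.ppid, self.comm = pid, ppid, comm


def ancestry(table, pid):
    """Return the chain of Proc objects from the oldest traced ancestor down to pid.
    Stops at a pid that was never seen in the trace (e.g. init) or on a cycle."""
    chain, seen, cur = [], set(), pid
    while cur in table and cur not in seen:
        seen.add(cur)
        chain.append(table[cur])
        cur = table[cur].ppid
    chain.reverse()
    return chain


def execution_path(table, pid):
    """Render the ancestry as 'comm(pid)' strings, root first."""
    return ["%s(%d)" % (p.comm, p.pid) for p in ancestry(table, pid)]


def detect_shells_under_webserver(events, shells=SHELLS, web_servers=WEB_SERVERS):
    """Replay events in order and alert on each exec of a shell whose ancestors
    include a web-server process. The check runs at exec time so that the
    ancestors' image names are those in effect when the shell started."""
    table, alerts = {}, []
    for ev in events:
        if ev.name == "sched_process_fork":
            table[ev.pid] = Proc(ev.pid, ev.ppid, ev.comm)
        elif ev.name == "sched_process_exec":
            proc = table.get(ev.pid)
            if proc is None:
                # Forked before tracing started: record what the exec event tells us.
                proc = table[ev.pid] = Proc(ev.pid, ev.ppid, ev.comm)
            proc.comm = ev.comm
            if proc.comm in shells:
                chain = ancestry(table, ev.pid)
                if any(p.comm in web_servers for p in chain[:-1]):
                    alerts.append({
                        "ts": ev.ts,
                        "pid": ev.pid,
                        "comm": proc.comm,
                        "path": ["%s(%d)" % (p.comm, p.pid) for p in chain],
                    })
    return alerts


if __name__ == "__main__":
    for alert in detect_shells_under_webserver(SAMPLE_TRACE):
        print("ALERT t=%.1f pid=%d shell via %s"
              % (alert["ts"], alert["pid"], " -> ".join(alert["path"])))
```

On the constructed trace this reports one alert, for pid 101 with path `apache2(100) -> sh(101)`; the bash shell under sshd is left alone because its ancestry contains no web server. The ancestry must be evaluated when the exec happens: a later exec in the same pid (for example `sh` becoming `nc`) overwrites the image name, so looking only at the final process table would lose the shell step of the path.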

I am also working to generalize the way I used for relating the different views in the prototype shown at the December meeting. I am also working on finding other real problems to which this solution can be applied. I started to create a report on that. Besides the generalization of the proposed solution for the linking problem, different existing solutions will be included in the report. Most of these solutions are about modeling spatial hierarchies, so that with some changes they will be applicable to the trace data.